📄️ Creating a child process with redirected IO
In a recent experiment, I sought to interact with a hollowed process in a manner similar to a conventional console application. Although there is an example on MSDN about creating a child process with redirected I/O, it does not create the interactive session I so desired. In this snippet I will demonstrate how to create a child process with interactive I/O.
📄️ Native Parent PID Spoofing
Process notifications provide critical information for process-oriented detections, used by most EDR solutions. A common strategy is to correlate parent-child processes on the system to identify a potentially suspicious relationship, such as Microsoft Word spawning PowerShell.